Re: Fix for CVE-2014-1692 , CVE-2014-2532

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On 17/03/15 15:52, abhi dhiman wrote:

Hi All,

Actually I am working with the OpenSSH version 6.2p which is vulnerable to
above mentioned vulnerabilities.

So am looking for some help how I can fix these vulnerabilities in my
version. I need to fix it in the OpenSSH code.

Regards
Abhishek
Unless you specifically enabled the experimental JPAKE support in openssh (eg. by adding 

-DJPAKE in Makefile.inc) you are not affected by CVE-2014-1692.

In order to avoid CVE-2014-2532, you can apply this change:
https://anongit.mindrot.org/openssh.git/commit/?id=8569eba5d7f7348ce3955eeeb399f66f25c52ece

Regards


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux